Certified Compilation based on Gödel Numbers

📅 2025-08-16
📈 Citations: 0
Influential: 0
🤖 AI Summary
Compiler backdoor attacks undermine the trustworthiness of binaries by introducing deviations from their source code. Method: This paper proposes a Gödel-number–based certified compilation approach. Its core innovation is the first application of Gödel encoding to construct lightweight integer compilation certificates, enabling constant-time derivation rules that formally guarantee strict equivalence between source and binary in three dimensions: statement sets, execution order, and data dependencies. The method supports bidirectional certificate generation and machine-checked formal verification, establishing an end-to-end verifiable trusted compilation chain. Contribution/Results: We implement Charon, a prototype system compiling a subset of the FaCT language. Empirical evaluation confirms both theoretical soundness and engineering feasibility, significantly enhancing auditability and trust assurance throughout the compilation process.

📝 Abstract
In his 1984 Turing Award lecture, Ken Thompson showed that a compiler could be maliciously altered to insert backdoors into programs it compiles and perpetuate this behavior by modifying any compiler it subsequently builds. Thompson's hack has been reproduced in real-world systems for demonstration purposes. Several countermeasures have been proposed to defend against Thompson-style backdoors, including the well-known Diverse Double-Compiling (DDC) technique, as well as methods like translation validation and CompCert-style compilation. However, these approaches ultimately circle back to the fundamental question: "How can we trust the compiler used to compile the tools we rely on?" In this paper, we introduce a novel approach to generating certificates to guarantee that a binary image faithfully represents the source code. These certificates ensure that the binary contains all and only the statements from the source code, preserves their order, and maintains equivalent def-use dependencies. The certificate is represented as an integer derivable from both the source code and the binary using a concise set of derivation rules, each applied in constant time. To demonstrate the practicality of our method, we present Charon, a compiler designed to handle a subset of C expressive enough to compile FaCT, the Flexible and Constant Time cryptographic programming language.
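The following Python toy is an added illustration of the mechanism the abstract describes; it is not Charon's code and not the paper's actual derivation rules. It encodes a program's statement sequence and its def-use edges as a single Gödel number, derives that integer independently from a constructed source program and from a constructed lowering of it, and shows that an inserted statement, a reordered statement, or a changed operand each produce a different certificate. The statement kinds, the machine-mnemonic lowering table, and the sample programs are all constructed for this example.

```python
"""Toy Gödel-number compilation certificate (added illustration, not Charon).

Idea from the abstract: bind position i of a statement sequence to the i-th
prime and use the statement's code as the exponent, so one integer fixes both
which statements occur and their order; a second Gödel number over def-use
edges fixes the data dependencies. Cantor pairing folds both into one integer.
"""
from dataclasses import dataclass
from typing import Iterator, List, Optional, Tuple

# Constructed vocabulary. Source statements use the kind names directly; the
# lowered "binary" uses assumed machine mnemonics that map back onto the kinds.
KIND_CODE = {"load": 1, "xor": 2, "store": 3, "ret": 4}
MACHINE_KIND = {"ldr": "load", "eor": "xor", "str": "store", "bx": "ret"}


@dataclass(frozen=True)
class Stmt:
    op: str                      # source kind or machine mnemonic
    dst: Optional[str]           # variable / register written, if any
    srcs: Tuple[str, ...] = ()   # variables / registers / memory operands read


def primes() -> Iterator[int]:
    """Unbounded prime generator (trial division; certificates here are tiny)."""
    found: List[int] = []
    n = 2
    while True:
        if all(n % p for p in found if p * p <= n):
            found.append(n)
            yield n
        n += 1


def godel(seq: List[int]) -> int:
    """Gödel number of a sequence of positive ints: product of p_i ** seq[i]."""
    g = 1
    for p, s in zip(primes(), seq):
        assert s >= 1, "codes must be positive so exponent 0 marks the end"
        g *= p ** s
    return g


def ungodel(g: int) -> List[int]:
    """Inverse of godel(): read exponents off successive primes until one is 0."""
    seq: List[int] = []
    for p in primes():
        e = 0
        while g % p == 0:
            g //= p
            e += 1
        if e == 0:
            break
        seq.append(e)
    return seq


def pair(a: int, b: int) -> int:
    """Cantor pairing, shifted by 1 so the result is a valid (positive) code."""
    return (a + b) * (a + b + 1) // 2 + b + 1


def kind_codes(prog: List[Stmt]) -> List[int]:
    """Dimensions 1 and 2: which statements occur, and in what order."""
    return [KIND_CODE[MACHINE_KIND.get(s.op, s.op)] for s in prog]


def def_use_edges(prog: List[Stmt]) -> List[Tuple[int, int]]:
    """Dimension 3: (defining index, using index) for every operand read, resolved
    to the nearest earlier definition. Operands never defined (memory inputs) add no edge."""
    edges: List[Tuple[int, int]] = []
    for i, s in enumerate(prog):
        for v in s.srcs:
            for j in range(i - 1, -1, -1):
                if prog[j].dst == v:
                    edges.append((j, i))
                    break
    return edges


def certificate(prog: List[Stmt]) -> int:
    """One integer covering statement set, statement order and def-use edges."""
    stmt_number = godel(kind_codes(prog))
    dep_number = godel([pair(d, u) for d, u in def_use_edges(prog)])
    return pair(stmt_number, dep_number)


# Constructed source: out = x ^ y
SOURCE = [
    Stmt("load", "a", ("x",)),
    Stmt("load", "b", ("y",)),
    Stmt("xor", "c", ("a", "b")),
    Stmt("store", None, ("c", "out")),
    Stmt("ret", None),
]

# Constructed faithful lowering of SOURCE to the assumed mnemonics
BINARY = [
    Stmt("ldr", "r0", ("x",)),
    Stmt("ldr", "r1", ("y",)),
    Stmt("eor", "r2", ("r0", "r1")),
    Stmt("str", None, ("r2", "out")),
    Stmt("bx", None),
]

# Three deviations a checker must reject, one per dimension
EXTRA_STMT = BINARY[:3] + [Stmt("ldr", "r3", ("k",))] + BINARY[3:]          # statement not in source
REORDERED = [BINARY[0], BINARY[2], BINARY[1]] + BINARY[3:]                   # xor hoisted above its load
WRONG_OPERAND = BINARY[:3] + [Stmt("str", None, ("r0", "out"))] + BINARY[4:]  # stores x instead of x ^ y

if __name__ == "__main__":
    print("source == binary:", certificate(SOURCE) == certificate(BINARY))
    for name, prog in [("extra", EXTRA_STMT), ("reordered", REORDERED), ("operand", WRONG_OPERAND)]:
        print(f"{name:>9} rejected:", certificate(prog) != certificate(SOURCE))
```

Because Gödel encoding is injective, `ungodel` recovers the exact statement-kind sequence from the certificate, so a verifier holding only the integer can still see which statement differs. Each derivation step here is a constant-time table lookup and multiplication per statement, which is the property the abstract attributes to its rules; the integers grow quickly, which is why the paper's point about lightweight certificates is about rule count, not bit length.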
Problem

Research questions and friction points this paper is trying to address.

Detect compiler backdoors in binary code representation
Ensure binary matches source code integrity
Generate certificates for trustworthy compiler outputs
Innovation

Methods, ideas, or system contributions that make the work stand out.

Generates certificates for binary-source correspondence
Uses integer-based certificate derivable from code
Implements Charon compiler for C subset